In our current climate, many IT projects end up in the “pending” folder because there aren’t enough technical resources to finish them, resulting in less efficient operations and slower time-to-market for businesses.
Low-code/no-code is an alternative technology that allows users who may not be tech-savvy to develop apps, helping to alleviate these issues. The use of this innovative technology is currently skyrocketing.
On the other hand, some businesses are wary of embarking on this journey, as using a platform developed by an external party comes with visibility concerns. You’re consuming the software without seeing the source code, its associated vulnerabilities, or potentially the level of testing and rigor the platform has undergone.
Ben Kliger of Zenity helped me better understand the low-code/no-code trend and how the Zenity platform allows for visibility and control to combat such security concerns.
Gartner predicts that low-code app development will be responsible for more than 65% of all app development activity by 2024. Please explain, in your own opinion, why you think this trend is going to skyrocket.
Low-code/no-code is an incredible technology that brings people closer to tech – even if they don’t have a background in tech – and this enables them to be more productive and let their creativity take them as far as they would like. This technology enables application development democratization and allows for anyone to become a developer.
These new developers can build their own apps and automation without waiting for IT resource allocation, approval, or review. When you think of it from a business perspective, there is every reason to encourage employees to use low-code/no-code. It saves time, money, empowers employees and enables them to be more valuable to the organization.
Think about Gen Z, who were born with technology in their hands. They are used to the fast adoption of technologies, fast workflows, and quick changes. In today’s ever-changing tech environment, there is no more room for long and agonizing processes; this is exactly where low-code/no-code technology comes in. From developers who want to build or integrate applications faster and more efficiently to business users who need to develop a new customer-facing service or automate critical yet cumbersome business processes, everyone can find their solution in low-code/no-code technology.
However, while this form of IT decentralization brings great value, it also poses new security governance challenges for IT and security professionals. On the other hand, businesses understand that to be aligned with their goals and growth targets, they need to be enablers of low-code/no-code technology – and this is exactly the bridge that Zenity provides.
What are the largest security concerns surrounding low-code app development at the moment?
Though security preferences can vary from one company to another, there are ten security risks that all businesses should be aware of and manage, as detailed in the OWASP group Top 10 Low-Code/No-Code Security Risks, led by Michael Bargury, Zenity CTO & Co-Founder. The top three are account impersonations, authorization misuse, and data leakage resulting in unexpected consequences.
As low-code/no-code platforms proliferate and become widely used by organizations, there is a clear and immediate need to create awareness of security and privacy risks related to applications developed on such platforms.
Are business users solely responsible for the security of their low-code apps, or is it a shared responsibility with the platform vendor?
It is a shared responsibility model, one hundred percent. Low-code/no-code platforms are responsible for ensuring that their platforms can’t be hacked, and sometimes they offer basic security tools to their clients.
Organizations are responsible on their end, as well. The problem that organizations are facing is how pro and citizen developers use these platforms and how they’re building and implementing applications and automation. Suppose a pro or a citizen developer creates an app that exposes an organization to security or compliance risks, such as credential theft, data exfiltration, or PII mishandling. In that case, it is the organization’s responsibility to track such threats, and drive remediation.
How does Zenity help ensure that the benefits of low-code technology outweigh its security risks?
Zenity is the first and only security governance platform for low-code/no-code development.
Zenity empowers IT and Security professionals to gain complete visibility and control over their low-code/no-code estate, enabling them to unblock low-code/no-code development, gain visibility and discover low-code/no-code development with a cross-platform inventory, get continuous risk assessment to pinpoint vulnerabilities and insecure components, mitigate risk with automated remediation actions, and govern the low-code/no-code lifecycle and enforce security policies with playbooks.
We help organizations bridge the gap between development and security by creating a win-win environment where IT and information security can give business and pro developers the independence they want to move the business forward while retaining complete visibility and control.